e97be526faefb81a24ad8c57b4b29aff9d6fe8b3fa94a3549a2af242ee0d650c

Analysis

max time kernel
134s
max time network
131s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33a70ad457597f2992a4b1dc3a58015e_JaffaCakes118.html
Size

1KB
MD5

33a70ad457597f2992a4b1dc3a58015e
SHA1

99b304e2fc18718f6f63143e77f709b46e696589
SHA256

e97be526faefb81a24ad8c57b4b29aff9d6fe8b3fa94a3549a2af242ee0d650c
SHA512

f3ffaa9b3643b21a5ab158dfa8181cecb869865cbff4a591bc57fbf138738a2458ab6c69170a60eeee914dd318948bafe0d7a081c12036317a375f652c2340bd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000945f9193ea7286168b4afbb86fa26ea20b39629e498d92ba26f2bb00ae95caad000000000e800000000200002000000076f80def2495193703ea22b555b6285009fd00dfbc2499aa38b8a454963a1d10200000001065042857727b176f4300347559afd4bb52dd7f9f118a378c0733f8d851229240000000128d343a5fc390685db9f10164a9ea3809735a8ba8d371e447e1a721a8810ef12620f80fea56cc707e5bd3dd0be67c681b9b305954645fa7f1ef6d28b57c653c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208d18567da3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000009f141b5030a0cc8f5107707233db494867bbe630b02b4361cb818cb588247d7a000000000e80000000020000200000001999f3f5ce35d34e778b5ca18694bb3377d1f191f29cc923043b882addff0f5290000000be2abad03090660b3ba3b09bb404b460f183a75063ec62364cff2fe498e9be6ec803fd5fdf4066b7953313d3a2b4c44c2c66c318fd57e668c6416578e350316c0bee09cd7a52c2b2d3654505b99ae1e83a1261cb937dc80d4be52db11b495dd64677908f81173e6dba8a54558c57e79c54608595be8b63ea00e8568b6446705e43fa1872b8c2b0beb498f696fa5976bd4000000010ac545d23e543bde307ca1cf4569e711e2b23fc718d25f6f1c97c0cb63499d7e37c363f69c7c11dbe1518090b0064da514d35717bbd57284b546794d727c959	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81703901-0F70-11EF-9BF3-52E878ACFAD8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421578003"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2120	2220	iexplore.exe	28
PID 2220 wrote to memory of 2120	2220	iexplore.exe	28
PID 2220 wrote to memory of 2120	2220	iexplore.exe	28
PID 2220 wrote to memory of 2120	2220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\33a70ad457597f2992a4b1dc3a58015e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78a4b16169b79e62fa6118747d2ba0bb

SHA1
283d09a60ee7b0dc1d2aa4feb0d7bcf637a9659a

SHA256
b34438a3066784e137f74b569b56e89dd61d55cf2d3ed6d04cc6f0ed73e87166

SHA512
adbfa96634158f8e8baac4de610a8b8a67ff0c344cc99b4ccdd1e1d3b1fbf51c2494f24c0952959492c436d97077fc170d5f0679147487e60b874d33ba519bd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ab48bd989a841ec64d715f115c9ca16

SHA1
1753c2379e9aa451560a135f249c27716fa70315

SHA256
455577b6b9ce8009134b44fd779f2ea9d8cc5457f699f96f98feb5a65fb5203b

SHA512
1e3c287c22e85c44f07826133e9f8b5109139e933d9c21a85ceae3c69af7a6c3afb76f526199a31cf3b14be07632ad3664a3df943707a76525c1016b7deba8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f09a1476fb6cff194bf363f2abe95994

SHA1
fb46c3482a6c9285f5f29b3ee534f0b1a81a9976

SHA256
1902306602609435ebe26d39364725a3913983761645f558973a0dc742022176

SHA512
5f458b9e4c641f78996c2f76bd7c7da457709071cdac07c47b40589f726e098b8aea837c51b2ec8eb8c8ae0b4a5bf88ca3c08dfaa1fa6b179d38cb30f7b8aca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
410d7fb58772fafa35304f13c68c8461

SHA1
a83027df5ab756d51912bd066ad7fbb3e4cdcc09

SHA256
4761b6de28db4d6931fbeae601c4506490f1d846c0ac70c99168742387114ec6

SHA512
88dab5f1ae51e57358c3114f9199c4ce286aba42af37b0c150824ce1c41324e52c4ab0040e1c4a366817b47dfb36c6d61168c4480cf5115dead8f1d2fb7989b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a645986aec3937d98650913d3ec8e1e1

SHA1
7bab99d15edcc558a8a557864f5c75b4bc601b9b

SHA256
3484db80a4d8cd139dac7f22ef912f73dc935ffc676074b415a8e4f0e628d681

SHA512
6c3afa95ce631c04e00b2d073b3a319abe69e1954993101208ac32cd5bf5901b0afa1cf06bcae5f466df2f3cbf6cabc4d6fe59e739dbbfdda050505f497f484c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
860b9bafa683f7bd86d50ab4fda0ccc6

SHA1
8aae4a91f407e75a95b141c0d77af3b5dfac9f57

SHA256
a87bf8816b0160832182f5e550dcdaf0928beefeb6b3c2c031525e414c2ebd10

SHA512
5db50000ef513d68211ba58d8fb9c741839e1e2e4780213f1816ec48b9682ecc415ce46cb704f0e5dcdf73a3bbf6247fc2fffce2f497c9d48b7535db50a0c126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d612499f37d97b94acf922bddb9491d

SHA1
90b10e6e16df0978094cbc22d1be7aec49c3550a

SHA256
1f0a7fcebf52d33117792ede547de264a11332bd1ff5280a0dbc869db3976612

SHA512
b3c2d7a9e0cb877c151fdf821a53728a844b8902c3cbe50a63f4deca1e05912b76e6c49243d394b6034c37c484248328f20beaf16f2e5a9e7616cd6d0fe3e6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
442a7468efe42ae0512a26eb26d64cf3

SHA1
d331e850e1e88085fb280808fe28d132128d95b6

SHA256
54e2bede6cc76c553662d2d4eef275e5fa438d80e2067f4ce03a76f7080378bb

SHA512
27be8669f0b05054fd4d35578a625624aedcc2f9e28649e163e006474133c275753f1faff037a8faeee00fedd2872142572d8e4ae70e0c0fbe5687f3ded79faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d07192c7f02700cc3c00a20cd163dfb

SHA1
34e9b449bb92d6ffabcea0e8e5400c172163c43f

SHA256
8c4d8d6e9ac39d12278b7f10dabea110212018d6cc69d944852d05344cc7df7e

SHA512
dc3012763f7c7253a0d284b00c5368028e841e9aee4f5cc19842e2e72d696fee0835932105bc73715f12e461a4224afba652f778d85e75848b5bbab1c2873d06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8d780a362869b50dbce20f5e99bf87a

SHA1
4bc60157620a225ce734b01fb9b36754fc5c69c0

SHA256
bf87921da386c639b17e8362ec8609ddfb0ce4b9036dac74c2c86d422775c3f9

SHA512
70005d4bbf86228f669145e377163088876182610d86f591f0cff86d9b48e4d20047d09d2fb8b313cc2f8c27bc1b90faef71090bfe27f77f3b535c13aba8e3d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c955d50f5a6e228d88f3f45330d03103

SHA1
72705ec08af1df0ec380094242708db9f7c42bf5

SHA256
5ae66ffacf4879c27d15948890f7d5c421d32c9d6cd8d0f615cd0a1a74a1fdcb

SHA512
6518ae1779d2928098b8ac67b9b2b3b5a7f93819e49efafbf7d5d728451f1af2e461ab9dbbf91e24fe4dd180da8cf51db7257b1a8b2710286435746b5b340ce3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d55deb134e21d0348df9af23553a08f

SHA1
a150f1784e6a2c2342e9e4d5b73ec140ed328100

SHA256
d83b07497773c232930f34736daee9bf75cde139869f80130cf7ca633528beee

SHA512
659e32033d166503a5f182598ee2e606d2073cb6a5553b9071bdefadaa1cec719c7ea67526857f1b1f4b1b77358a9f6172704a3f66b020fe9c0aff75aabd6f21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96edf88a27af8882d9d48c6140d81d2d

SHA1
1350256a1d863d5f96e1a1987c8acef7d7330566

SHA256
07160bc14f8d215dd17aa418c1962805f3c3540ab75959d53d77f6de9494c54b

SHA512
4c9d53a3d253ebb52067fa195a7b53dbfb7a7e96cafb34de8c899322f15d7bc5697d51e759ce135ba7fc48956d26fdf65c9fc391874e68e7a0b967d0bbfecad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3609dc49dad820243dd3b5f587fc784

SHA1
e8d273212d6745ee79b29ba099654d9351e54c48

SHA256
fb6b64ce79204a3c82e3e6bc32bb19cccb18561bad915a595135b6aba5ca4b87

SHA512
004a7e597f6e5372db94925a43d58e7cf1fbfc6b94de8bd1fbcca7e2bf6844d1f373686b5ba172a44484a9fd33bb435f8351806a31b920e1c23ad3e7cc41c7ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
506dc3f4a754b1d6d994748262ff42e2

SHA1
b7e7a9c94fd6b97853c2a92eef4b8db0c062dc88

SHA256
b767e2f439a7a04a2c5864a38ef6678cb7933bbc1b80cb8c748d6dcede054188

SHA512
7dc90d4c96dae159db7a0cf7e2c1cad745d90835ddc4ba575ee8c9c82d02887d9df25e90c95d5f54ae01f4c255f90684d4a654420c90227dc449ccbce559febe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa8b497305ac660432a02f97cff0a408

SHA1
44865bbda469ede589e7c1f5a1ff68f6067e8710

SHA256
6a65dc5e75047d1e67e581437122ea1c2bf3e79ff0ca8cc36aa87f234fe33c0a

SHA512
3c0f031493905a395bb8523545636498a07abb1b7e14ba3cc31f6645af58337613704c57a3635bbe1acfe49769daa96519f82753ac461f66255af1769a4d3579

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea7106444ef0a396d029aa6b355ada19

SHA1
385395e1335a09e909399a32f5bc554f465c56db

SHA256
d0488c10e5ed5390caf89a4e6b99d8f4132a5ace5782884a11f3f472f0043188

SHA512
adaac0afa8b6fe61026c6388f48147990d117c75c0859e7cd252ce9fc91641d9678493a9a03ff2ec57f50cf0757b75705fb4c5ddda400187c7bf2f06a51cbb07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DC1.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E12.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit